When we look at providing enhanced security to SaaS apps with the Citrix Access Control service, I focused on three aspects:
- SSO to SaaS and web apps
- Enhanced security for SaaS and web apps
- URL filtering within SaaS and web apps
As we’ve seen with URL filtering, we can allow, deny or redirect specific websites or website categories (adult, malware, peer-to-peer, social media, news, etc).
But, how would I configure URL filtering where I want to do the following: Deny access to all social media sites EXCEPT Twitter
The deny portion is easy if we use the social media category, but simply denying the social media category will also deny access to Twitter.
In order to do this, we need to better understand the URL analysis flow of Access Control.
Access Control goes through this decision flow to determine if a request should be allowed, denied or redirected. Once Access Control gets a match, the analysis stops.
Based on the flow, in order for us to Deny access to all social media sites EXCEPT Twitter, we would configure the following
- Deny Category: Social Media
- Allow URL: *.twitter.com
A few interesting points on the decision flow:
- You can’t block a URL related to Citrix cloud services, because you will most likely break your workspace.
- You can’t block a URL related to your SaaS apps, because you will most likely break the SaaS app.
- URLs not defined are allowed